From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: A couple of questions and concerns about Emacs network security Date: Mon, 25 Jun 2018 20:06:52 +0300 Message-ID: <834lhqsslv.fsf@gnu.org> References: <83po0iuhs7.fsf@gnu.org> <83lgb4tg92.fsf@gnu.org> <83efgusvdw.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1529946602 28243 195.159.176.226 (25 Jun 2018 17:10:02 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 25 Jun 2018 17:10:02 +0000 (UTC) Cc: wyuenho@gmail.com, eggert@cs.ucla.edu, npostavs@gmail.com, emacs-devel@gnu.org To: Lars Ingebrigtsen Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jun 25 19:09:58 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fXV02-0007EM-0n for ged-emacs-devel@m.gmane.org; Mon, 25 Jun 2018 19:09:58 +0200 Original-Received: from localhost ([::1]:48405 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fXV27-00018m-Lp for ged-emacs-devel@m.gmane.org; Mon, 25 Jun 2018 13:12:07 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41471) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fXUxB-0006Kv-Ip for emacs-devel@gnu.org; Mon, 25 Jun 2018 13:07:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fXUxA-0002V5-NE for emacs-devel@gnu.org; Mon, 25 Jun 2018 13:07:01 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:43307) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fXUx3-0002SM-Au; Mon, 25 Jun 2018 13:06:53 -0400 Original-Received: from [176.228.60.248] (port=2352 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1fXUx2-0002Ij-PJ; Mon, 25 Jun 2018 13:06:53 -0400 In-reply-to: (message from Lars Ingebrigtsen on Mon, 25 Jun 2018 18:55:22 +0200) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:226719 Archived-At: > From: Lars Ingebrigtsen > Cc: eggert@cs.ucla.edu, emacs-devel@gnu.org, npostavs@gmail.com, wyuenho@gmail.com > Date: Mon, 25 Jun 2018 18:55:22 +0200 > > > . Do I understand correctly that most of the changes, including those > > in gnutls.c, are so that intermediary certificates could be > > verified? If so, would it make sense to omit that for emacs-26, > > and only beef up the medium level of security in NSM with the rest > > of the checks? > > Yes, that is definitely a possibility. The nsm.el changes should be > safe to backport (after they've been in master for a couple of weeks so > that people can test them), while the gnutls.c change might be more > dangerous. > > However, the thing that's protecting against (a SHA1 intermediate > certificate (oops, I see I've called it "intermediary" in the code and > doc; I'll fix that now)) is, I seem to remember, now being considered a > realistic attack (i.e., you can generate valid-looking fake certificates > based on one). If this is deemed a very serious vulnerability (I'm not an expert on these matters), then I guess we will have to wait longer before we backport the changes to emacs-26. Thanks.